
SocGholish (ab84f259-9b9a-51d8-a68a-2bcd7512d760)

SocGholish is a JavaScript-based loader malware that has been used since at least 2017. It has been observed in use against multiple sectors globally for initial access, primarily through drive-by downloads masquerading as software updates. SocGholish is operated by Mustard Tempest, and its access has been sold to groups including Indrik Spider for downloading secondary RAT and ransomware payloads. [SentinelOne SocGholish Infrastructure November 2022] [SocGholish-update] [Red Canary SocGholish March 2024] [Secureworks Gold Prelude Profile]

| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| SocGholish (ab84f259-9b9a-51d8-a68a-2bcd7512d760) | Tidal Software | Mustard Tempest (0898e7cb-118e-5eeb-b856-04e56ed18182) | Tidal Groups | 1 |